I'm using WSO2 Identity Server 5.10.0. I have a very classical scenario represented in this image
Basically I have on the DMZ an Apache Web Server responding in SSL on port 443; in the secure zone i have my WSO2 IS server responding on port 9443. I need to support OAuth Open ID authentication (but I have the same issue in the SAML case).
I configured my deployment.toml file in this way:
[server]
hostname = "IAM01"
node_ip = "10.xxxx.yyyy.zzzz"
base_path = "https://$ref{server.hostname}:${carbon.management.port}"
Now when I make a call to the URL https://mydomain/oauth2/token/.well-known/openid-configuration in order to get all the OAuth information, the request is passed to the Web Server and from the Web Server to WSO2. The full WSO2 JSON response is here
As you can see, in this JSON WSO2 responds to me by giving this kind of URLs: https://IAM01:9443/oauth2/authorize. This because in my deployment.toml I told him these paramaters. Sure I can change the hostname in mydomain but it remains the port problem. In fact my clients will fail on matching oauth issuer because they check for an issuer without port. What I would like to do is to configure WSO2 IS in order to tell him to generate all tokens information by using my specification and I con't want to run WSO2 IS server on port 443 (as root user moreover).
I tried to configure the resident identity provider by using its interface as showed in the following 
Also in this way I can't tell WSO2 to generate all the information by using just the https://mydomain/ without adding port and other stuffs.
How can I make this configuration? Moreover, for security policies, I can't run WSO2 IS on port 443.
Thank you
Angelo
